Wednesday, 2021-04-21

<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_zun master: Use ansible_facts[] instead of fact variables  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/780733 [06:12]
<jrosser> morning [07:10]
<noonedeadpunk> mornings! [07:23]
<noonedeadpunk> have interesting thing here:) just realized, that buster has libvirt 7 installed in CI [07:23]
<jrosser> oh! [07:24]
<jrosser> there's an apt log which should show when that was installed [07:24]
<noonedeadpunk> but I have no idea how that has happened as I can't see libvirt 7 for buster in https://packages.debian.org/buster/libvirt-daemon [07:24]
<jrosser> maybe something is broken with the image building now the bullseye repos are there? [07:25]
<noonedeadpunk> well, there is. and I checked it. and eventually infra mirrors do have it in main (even not in the backports) [07:25]
<noonedeadpunk> maybe mirroring is broken.... [07:25]
<jrosser> perhaps check the SHA of the deb against the one from bullseye [07:26]
<jrosser> if they're the same it's looking like mirror weirdness [07:26]
<noonedeadpunk> ie https://mirror.gra1.ovh.opendev.org/debian/pool/main/libv/libvirt/ [07:27]
<jrosser> even if the same version number was in buster i'd expect the binary to be different [07:27]
<noonedeadpunk> yeah, probably that's really from bullseye, as version is the same [07:29]
<noonedeadpunk> md5 is the same [07:29]
<jrosser> oh well actually it's a pool dir isn't it [07:30]
<jrosser> so all the deb just go in the same big bucket and the Packages file actually says what's what for each distro version? [07:30]
<jrosser> it would be this file saying which deb are the ones you want for bullseye https://mirror.gra1.ovh.opendev.org/debian/dists/bullseye/main/binary-amd64/ [07:31]
<jrosser> and similar for buster [07:31]
<noonedeadpunk> the good news I guess is that we're kind of testing bullseye atm [07:33]
<jrosser> i'm just downloading the Packages file for buster [07:34]
<noonedeadpunk> me too [07:34]
<jrosser> it's massive! [07:34]
<jrosser> i don't see anything except Version: 5.0.0-4+deb10u1 in the buster packages file [07:40]
<andrewbonney> Is it coming from here? http://osbpo.debian.net/osbpo/pool/buster-victoria-backports-nochange/main/l/libvirt/ [07:43]
<andrewbonney> via https://github.com/openstack/openstack-ansible-openstack_hosts/blob/master/vars/debian.yml#L88 [07:43]
<noonedeadpunk> Yeah, me neither... [07:45]
<noonedeadpunk> it's so weird... [07:45]
<noonedeadpunk> apt conf looks super valid for me https://bb24b88c59d7f6837dc4-1c4caaf4d8e2d09894889f3221a65fdb.ssl.cf5.rackcdn.com/787199/1/check/openstack-ansible-deploy-aio_metal-debian-buster/23262e2/logs/etc/host/apt/sources.list.d/index.html [07:49]
<jrosser> noonedeadpunk: andrewbonney is right, you can see it install the osbpo version here https://bb24b88c59d7f6837dc4-1c4caaf4d8e2d09894889f3221a65fdb.ssl.cf5.rackcdn.com/787199/1/check/openstack-ansible-deploy-aio_metal-debian-buster/23262e2/logs/host/apt/history.log.txt [07:58]
<noonedeadpunk> ah, indeed! [07:59]
<jrosser> not sure i know what to make of that [08:00]
<jrosser> as suddenly now anyone with a buster deployment gets a surprise upgrade to libvirt-7 [08:00]
<noonedeadpunk> well, yes, I'd expect that to be for W indeed [08:01]
<noonedeadpunk> and on W you will get just default libvirt 5 [08:01]
<openstackgerrit> Merged openstack/openstack-ansible master: Remove OpenSUSE from role maturity matrix  https://review.opendev.org/c/openstack/openstack-ansible/+/787173 [08:01]
<jrosser> oh i'm confused though, the directory is buster-victoria-backports-nochange ? [08:02]
<noonedeadpunk> are you complaining about nochange part?:) [08:05]
<noonedeadpunk> I meant that for buster on W there's no backports [08:05]
<jrosser> well even for victoria we use that repo? https://github.com/openstack/openstack-ansible-openstack_hosts/blob/stable/victoria/vars/debian.yml [08:06]
<noonedeadpunk> yep? [08:07]
<noonedeadpunk> yes, you're right about all V users will get new libvirt [08:07]
<noonedeadpunk> what I'm upset with is about that on W we still can't offer buster for upgrade purposes I guess [08:08]
<rndmh3ro> noonedeadpunk: thanks for merging the encryption feature in the galera role! [09:15]
<noonedeadpunk> thanks for working on it:) [09:17]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Make octavia_provider_network better configurable  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/787336 [09:41]
<rohit02> hi team, we need to deploy openstack ansible victoria with all endpoints on ssl i.e. public, internal, admin but not getting these settings in doc. can you please help with that? [10:01]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Make octavia_provider_network better configurable  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/787336 [10:27]
<noonedeadpunk> rohit02: you can set `haproxy_ssl_all_vips: true` [10:27]
<rohit02> noonedeadpunk: user_variables.yml in this file right.....do i need to mention these options also "keystone_service_internaluri_proto: https" keystone_service_internaluri_insecure: True [10:30]
<jrosser> rohit02: that's handled in group_vars here https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/all/keystone.yml#L36-L41 [10:32]
<jrosser> so the proper override to cover the internal services globally would be https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/all/all.yml#L88 [10:33]
<jonher> re 783236 cloudkitty, before pushing the fixes that were commented on, i worked on the secret migration (if user has set cloudkitty secrets elsewhere) and this is the nicest i've managed to get it: http://paste.openstack.org/show/804661/ does that look acceptable? [10:36]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Remove cephfs_enable_snapshots  https://review.opendev.org/c/openstack/openstack-ansible/+/787341 [10:39]
<openstackgerrit> Merged openstack/openstack-ansible-galera_server master: Bump MariaDB version to 10.5.9  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/777088 [10:58]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Remove cephfs_enable_snapshots  https://review.opendev.org/c/openstack/openstack-ansible/+/787341 [11:17]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Set manila_backends to empty dict by default  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/787354 [11:24]
<openstackgerrit> Merged openstack/openstack-ansible-os_magnum master: [goal] Deprecate the JSON formatted policy file  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/781538 [11:29]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Set manila_backends to empty dict by default  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/787354 [11:33]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Cleanup after service variables merged  https://review.opendev.org/c/openstack/openstack-ansible/+/769974 [11:38]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Cleanup after service variables merged  https://review.opendev.org/c/openstack/openstack-ansible/+/769974 [11:41]
<openstackgerrit> Merged openstack/openstack-ansible-os_zun master: [reno] Stop publishing release notes  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/772053 [11:42]
<rohit02> jrosser: you mean i need to mention only "haproxy_ssl_all_vips: true" in user_variable file right or do i need to add anything [11:45]
<jrosser> well it's two things i think, 1) configure haproxy to be SSL on internal 2) set the service URL to be https rather than http [11:47]
<jrosser> so it feels like there are two pieces of config [11:47]
<jrosser> i just looked through the group vars, you might be interested to use codesearch for this to understand where all the settings are used https://codesearch.opendev.org/?q=openstack_service_internaluri_proto [11:48]
<rohit02> jrosser: can u plzz send me the doc link or do u have any example set [11:50]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Remove cephfs_enable_snapshots  https://review.opendev.org/c/openstack/openstack-ansible/+/787341 [11:51]
<jrosser> rohit02: i don't think there is specific documentation for enabling internal https in openstack-ansible, but pretty much everything can be overridden in your user_variables.yml [11:53]
<jrosser> rohit02: you had asked about keystone_service_internaluri_insecure, so i put that straight into codesearch like this https://codesearch.opendev.org/?q=keystone_service_internaluri_insecure [11:54]
<jrosser> and the first result then shows you that there is a deployment wide variable called openstack_service_internaluri_proto [11:55]
<rohit02> jrosser: my goal is each openstack service all endpoints on ssl [11:56]
<jrosser> i'm trying to show you the tools to find this stuff, rather than need to have specific documentation for many hundreds of overrides [11:56]
<jrosser> rohit02: yes, and hopefully i'm showing you how to discover how to do this :) [11:56]
<admin0> rohit02, in the current deployment ( defaults ). the networking used for internal is an un-routed layer2 used only between compute/controllers only accessible to the root user.. so all internal is without ssl and all external/public is with ssl ..if you have a bigger cluster [12:09]
<admin0> in a bigger cluster with 100s of nodes ... the time and cpu usage of ssl will add up to be noticeable ( at least in graphs ) :) [12:10]
<rohit02> admin0: it's a very small setup with 5 nodes [12:11]
<admin0> so if you have dedicated nodes for osa . where root/admins have access and no other users are allowed (ssh, have account to tcpdump, or compile c/perl) .. the defaults are safe [12:11]
<jrosser> admin0: i think the query here is about how to enable SSL for internal [12:13]
<jrosser> depending on the situation defaulting to http may not be acceptable [12:13]
<admin0> right .. that i know .. but i was also letting him know that even without ssl for internal .. he should not feel insecure :) [12:13]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not generate subunit report  https://review.opendev.org/c/openstack/openstack-ansible/+/787358 [12:17]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Cleanup after service variables merged  https://review.opendev.org/c/openstack/openstack-ansible/+/769974 [12:55]
<yasemind> Hi, we installed OpenStack stable/victoria(22.1.0) with OSA, We have added the zun compute service, we are using zun-compute nodes only for zun not nova. so it doesn't install network agents. But in zun docs it says on zun compute nodes we need network agent service. when i created zun container, it gave an error [13:00]
<yasemind> http://paste.openstack.org/show/804674/ . Do you have any idea? [13:00]
<noonedeadpunk> andrewbonney: ^?:) [13:01]
<andrewbonney> Interesting. We deploy on the same hosts as nova so not quite the same. Could you share output from 'journalctl -u kuryr-libnetwork' around that time? [13:03]
<yasemind> andrewbonney okay, this error http://paste.openstack.org/show/804675/ [13:11]
<andrewbonney> Ok. Assuming it's as simple as missing neutron components I suspect https://github.com/openstack/openstack-ansible/blob/4d6c3a2ec743e149505e5b9c936dacee6d6d4379/inventory/env.d/zun.yml#L19 needs to look a bit more like https://github.com/openstack/openstack-ansible/blob/4d6c3a2ec743e149505e5b9c936dacee6d6d4379/inventory/env.d/nova.yml#L53 [13:20]
<andrewbonney> noonedeadpunk: could you confirm my understanding? [13:20]
<noonedeadpunk> oh, yes, I think that really might be the case [13:22]
<andrewbonney> I'll do a patch [13:22]
<openstackgerrit> Andrew Bonney proposed openstack/openstack-ansible master: Install neutron components on Zun compute hosts without Nova  https://review.opendev.org/c/openstack/openstack-ansible/+/787364 [13:24]
<andrewbonney> yasemind: I'm hoping that the above patch will fix that for you, but I don't have a matching deployment to test on so if you can confirm that'd be great [13:25]
<yasemind> andrewbonney okay, we will test it [13:27]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Cleanup after service variables merged  https://review.opendev.org/c/openstack/openstack-ansible/+/769974 [13:41]
<openstackgerrit> Merged openstack/openstack-ansible-os_nova stable/victoria: Install spice-html5 from source for RedHat  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/786903 [13:43]
<yasemind> andrewbonney we tested it, it works [13:49]
<andrewbonney> Awesome, thanks for checking [13:49]
<noonedeadpunk> thanks andrewbonney for having a look! [14:22]
<openstackgerrit> Jonathan Rosser proposed openstack/ansible-role-pki master: Add boilerplate ansible role components  https://review.opendev.org/c/openstack/ansible-role-pki/+/774620 [14:40]
<openstackgerrit> Jonathan Rosser proposed openstack/ansible-role-pki master: WIP - create certificate authorities  https://review.opendev.org/c/openstack/ansible-role-pki/+/787404 [14:40]
<jrosser> noonedeadpunk: andrewbonney WIP patches so that i can get some input/feedback on the PKI stuff ^^ [14:40]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: [goal] Deprecate the JSON formatted policy file  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/782244 [16:11]
<openstackgerrit> Merged openstack/openstack-ansible-os_zun master: Fix u-c filter regex  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/783818 [17:50]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Make octavia_provider_network better configurable  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/787336 [18:20]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_gnocchi master: Use ceph_client symlinking process  https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/787433 [18:38]
<openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Cleanup after service variables merged  https://review.opendev.org/c/openstack/openstack-ansible/+/769974 [18:40]
<openstackgerrit> Merged openstack/openstack-ansible-os_swift stable/victoria: Revert "split templates to work around configparser bug"  https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/786790 [22:57]
<openstackgerrit> Merged openstack/openstack-ansible-os_zun master: Fix oslo_messaging topic condition  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/787275 [23:02]
<openstackgerrit> Merged openstack/openstack-ansible-os_zun master: Allow to override zun policy files  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/782316 [23:16]
